01-23-2008 01:04 PM - edited 02-21-2020 01:52 AM
We are having with our local Cisco PIX 515, whereby the site to site VPN to our PIX appears to be breaking, and not re-establishing itself, every 36 hours or so.
Upon further inpsection, the symptom that we see is a slow reduction in the number of available size 1550 (Ethernet) blocks (as shown by the 'show blocks' command). This count slowly reduces from about 2000, to zero, over a period of a day or so, after which the VPN link breaks, and a router reboot is required. No other error or status messages of importance appear in the syslog output, and device free memory stays constant at around 32Mb. The depletion happens at a constant rate, even under negligible traffic conditions, with device CPU usage low, at around 1%.
The IOS is 7.0(5).
Thanks in advance for your help.
01-29-2008 09:13 AM
You can review the bugs for that code and if you open a TAC case they will probably suggest you update the code on the PIX. That would be the first place I would start. If that does not resolve the problem a TAC case is probably not a bad idea.
HTH
01-29-2008 09:52 AM
Mark,
Do you know if you can upgrade the chassis to 7.2(3). I have seen more success with 7.2 and IPSEC than 7.0.
Regards,
Arul
01-29-2008 11:16 AM
Mark,
The above message was specifically for ASA.
Since, you are running 7.0 on the pix, I would stay on 7.0 and go to the latest version 7.0(7) and see if the problem goes away. Also, 7.0(7) is a GD Code.
Regards,
Arul
02-04-2008 06:29 AM
Thax for the all the input... I will see if I can convince the powers that be to upgrade the code. I've been looking through the caveats, but I couldn't find anything that suggest there was a bug close to this one. However at this point, it couldn't hurt to upgrade the code.
Again, thank you very much for the responses.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: